How to Maximize Your Security on Zoom

While 2020 has been a tumultuous year for many businesses across the globe, it has also provided opportunities for others to grow and expand their reach. One of the largest examples of this is seen with Zoom. Zoom has become a software juggernaut right before our eyes, growing exponentially in just a few month’s time. In fact, Zoom has grown its daily user count from a previous high of 10 million in December of 2019 to more than 200 million daily users in March of 2020. This growth has been built primarily out of necessity as the COVID-19 pandemic changed the dynamic for professionals in the workplace, students in the classroom, and most individuals with their friends and loved ones .

With the combination of Zoom’s rise and the many security concerns associated with the company, we at PlexTrac figured that tips for maximizing your security on the software would be beneficial to readers. If everyone is going to be on Zoom calls for the foreseeable future, it would be good to have some direction on how to minimize security risks while using the platform. Below you can find these tips and an explanation for how to institute them.

Set Strong Account Passwords and Enable Multifactor Authentication

General security tips and regulations form a strong foundation for a secure Zoom experience. The most important foundational tips we suggest include creating a unique and “strong” password, and enabling multi factor authentication for your Zoom account.

A “strong” password is defined by these three important factors:

• Length – The longer a password is, the less likely an attacker is to crack it. It is recommended to maintain a password with a minimum of 12 characters. Ideally, your password should be 16 characters or longer.
• Numbers and Symbols – Including numbers, symbols, and upper-case letter increas the complexity of your password and protects against both human and AI password attacks.
• No Ties to Your Personal Information – While including your favorite sports team or your dog into your password might help you remember it, that information is readily available on the internet. Try to keep your passwords as general in content (but not in complexity) as possible.

By following these three elements of password creation your account is already its way being secure. On top of using a complex password, it is vital to enable multifactor authentication. Enabling multifactor authentication adds an extra layer of security to your account to ensure that even if a hacker cracks one layer of security they’ll have to work to crack the other.

Use the Web Client Version of Zoom Whenever Possible

Forbes suggests that you ditch the Zoom App and use the web client instead. While Zoom’s web client doesn’t have the cleanest record in the world, more effort has been made to secure this version of the platform when rivaled with the software application. Zoom has been quick to fix major problems with the web client, such as the ability for hackers to make calls without their consent, or the ability for hackers to access the camera and audio of your device. While the vast majority of these issues have been patched and have turned into old news for consumers, the application version of Zoom remains vulnerable to many attacks.

The best way we can describe the web client version of Zoom is as “sitting in a sandbox” in your browser. Sure, this browser can be exposed to dangerous web attacks, but the client remains without many of the security permissions the application version of Zoom has on your computer. This controlled environment limits the ability for attacks to do damage, steal data, and make their money. For these reasons we reccomend sticking to the web client version of Zoom whenever possible.

Protect Zoom Meetings with a Limited Invite List and a Strong Password

“Zoombombing” is a new phrase coined to describe trolls that infiltrate and continue to sabotage Zoom meetings with offensive and inappropriate content. Maximize your defenses to these Zoombomb attacks by always requiring the previously mentioned “strong” password for all meetings. In addition to this, invite only necessary personnel to your meetings. The more invites you send out to unique email addresses, the higher the likelihood that someone nefarious gets their hands on the password and ruins the party.

In recent months Zoom has come under fire for their limited security protocols. One of the most heavily scrutinized was the lack of password requirements for Zoom meetings. While not all Zoom meetings require passwords, Zoom has instituted this to be the default setting for meetings. Leave that “requires password” box checked and use a password that is not both complex and not easily guessable. This will ensure that your meeting stays secure and uninterrupted by unwanted guests.

Get Your Zoom Settings Right

Something every person with a Zoom account should do is comb through their settings to maximize their security level. One wrong setting can leave your account and meetings vulnerable to compromise. With this being said, here are some of the key settings to keep an eye out for:

• Always use auto Meeting ID generation: This setting means that each meeting you host has a unique and newly generated Meeting ID. This ensures that if one of your meetings is compromised that your future meetings won’t suffer the same fate.
• Check “no” on required video at join: Allowing video to enable by default should always be disabled, opting instead for individuals to start video sharing themselves. This will save any  confidential information and footage from leaking from participants who are unaware their video and audio are being shared.
• Use appropriate “screen sharing” settings: While some super collaborative meetings often require both the host and participants to share their screens, this isn’t always the case. Keeping your setting to “host only” screen sharing unless its necessary helps avoid the sharing of inappropriate and disruptive content by infiltrators.
• Enable “blur snapshot on iOS task switcher”: On Apple’s iOS devices enabling this feature is a must do. Enabling this setting ensures that confidential data and information aren’t stolen by users and then displayed on the task switcher.
• Consider switching “virtual background” to off: While Zoom backgrounds can be a lively and fun addition to meetings, they can also hide a participants true location. Consider disabling the ability to use virtual backgrounds in order to view a participants surroundings. Viewing these surroundings will make sure all participants are viewing from a secure location.

Note that these aren’t the only important settings on the platform, but rather are a few we wanted to highlight. Additionally, we recommend taking the time to go through each setting on Zoom and tweak it to your account’s personal needs.

Closing Thoughts

Zoom has quickly become a mainstay of both the workplace and the classroom. This is a trend that we don’t see going away any time soon. Additionally, this new “norm” will include an enormous up-tick in remote working environments (Click here for tips on how to maintain cybersecurity while working from these remote locations). This is a shift that many professionals saw coming in the future. However, the COVID-19 pandemic seemingly brought the future of the workplace to us out of necessity instead of innovation.

With all of this in mind, stay safe on Zoom and the many other online platforms out there, and work to maximize your security in any way you can.